summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--perl-install/any.pm60
-rw-r--r--perl-install/install2.pm5
-rw-r--r--perl-install/install_steps.pm5
-rw-r--r--perl-install/install_steps_interactive.pm3
-rw-r--r--perl-install/security/level.pm40
-rw-r--r--perl-install/security/libsafe.pm18
6 files changed, 48 insertions, 83 deletions
diff --git a/perl-install/any.pm b/perl-install/any.pm
index 578d7c465..62de800ed 100644
--- a/perl-install/any.pm
+++ b/perl-install/any.pm
@@ -845,66 +845,6 @@ sub ddcxinfos {
@l;
}
-sub config_libsafe {
- my ($prefix, $libsafe) = @_;
- my %t = getVarsFromSh("$prefix/etc/sysconfig/system");
- if (@_ > 1) {
- $t{LIBSAFE} = bool2yesno($libsafe);
- setVarsInSh("$prefix/etc/sysconfig/system", \%t);
- }
- text2bool($t{LIBSAFE});
-}
-
-sub config_security_user {
- my ($prefix, $sec_user) = @_;
- my %t = getVarsFromSh("$prefix/etc/security/msec/security.conf");
- if (@_ > 1) {
- $t{MAIL_USER} = $sec_user;
- setVarsInSh("$prefix/etc/security/msec/security.conf", \%t);
- }
- $t{MAIL_USER};
-}
-
-sub choose_security_level {
- my ($in, $security, $libsafe, $email) = @_;
-
- my %l = (
- 0 => N("Welcome To Crackers"),
- 1 => N("Poor"),
- 2 => N("Standard"),
- 3 => N("High"),
- 4 => N("Higher"),
- 5 => N("Paranoid"),
- );
- my %help = (
- 0 => N("This level is to be used with care. It makes your system more easy to use,
-but very sensitive: it must not be used for a machine connected to others
-or to the Internet. There is no password access."),
- 1 => N("Password are now enabled, but use as a networked computer is still not recommended."),
- 2 => N("This is the standard security recommended for a computer that will be used to connect to the Internet as a client."),
- 3 => N("There are already some restrictions, and more automatic checks are run every night."),
- 4 => N("With this security level, the use of this system as a server becomes possible.
-The security is now high enough to use the system as a server which can accept
-connections from many clients. Note: if your machine is only a client on the Internet, you should choose a lower level."),
- 5 => N("This is similar to the previous level, but the system is entirely closed and security features are at their maximum."),
- );
- delete @l{0,1};
- delete $l{5} if !$::expert;
-
- $in->ask_from(
- N("DrakSec Basic Options"),
- N("Please choose the desired security level") . "\n\n" .
- join('', map { "$l{$_}: " . formatAlaTeX($help{$_}) . "\n\n" } ikeys %l),
- [
- { label => N("Security level"), val => $security, list => [ sort keys %l ], format => sub { $l{$_[0]} } },
- if_($in->do_pkgs->is_installed('libsafe') && arch() =~ /^i.86/,
- { label => N("Use libsafe for servers"), val => $libsafe, type => 'bool', text =>
- N("A library which defends against buffer overflow and format string attacks.") }),
- { label => N("Security Administrator (login or email)"), val => $email, },
- ],
- );
- }
-
sub running_window_manager {
my @window_managers = qw(kwin gnome-session icewm wmaker afterstep fvwm fvwm2 fvwm95 mwm twm enlightenment xfce blackbox sawfish olvwm);
diff --git a/perl-install/install2.pm b/perl-install/install2.pm
index f737dc00a..9d6eb07c1 100644
--- a/perl-install/install2.pm
+++ b/perl-install/install2.pm
@@ -288,8 +288,9 @@ sub setupBootloader {
local $ENV{DRAKX_PASSWORD} = $o->{bootloader}{password};
local $ENV{DURING_INSTALL} = 1;
run_program::rooted($o->{prefix}, "/usr/sbin/msec", "-o", "run_commands=0", "-o", "log=stderr", $o->{security});
- any::config_libsafe($o->{prefix}, $o->{libsafe});
- any::config_security_user($o->{prefix}, $o->{security_user});
+ require security::various;
+ security::various::config_libsafe($o->{prefix}, $o->{libsafe});
+ security::various::config_security_user($o->{prefix}, $o->{security_user});
}
#------------------------------------------------------------------------------
sub configureX {
diff --git a/perl-install/install_steps.pm b/perl-install/install_steps.pm
index 592d119d1..34503a80e 100644
--- a/perl-install/install_steps.pm
+++ b/perl-install/install_steps.pm
@@ -931,9 +931,10 @@ sub miscellaneousBefore {
my %s = getVarsFromSh("$o->{prefix}/etc/sysconfig/system");
$o->{miscellaneous}{HDPARM} = $s{HDPARM} if exists $s{HDPARM};
require security::level;
+ require security::various;
$o->{security} ||= security::level::get() || ($o->{meta_class} =~ /server|firewall/ ? 3 : 2);
- $o->{security_user} ||= any::config_security_user($o->{prefix});
- $o->{libsafe} ||= any::config_libsafe($o->{prefix});
+ $o->{security_user} ||= security::various::config_security_user($o->{prefix});
+ $o->{libsafe} ||= security::various::config_libsafe($o->{prefix});
log::l("security $o->{security}");
diff --git a/perl-install/install_steps_interactive.pm b/perl-install/install_steps_interactive.pm
index 762887ae2..d57fa421a 100644
--- a/perl-install/install_steps_interactive.pm
+++ b/perl-install/install_steps_interactive.pm
@@ -1100,7 +1100,8 @@ sub miscellaneous {
my ($o, $_clicked) = @_;
if ($::expert) {
- any::choose_security_level($o, \$o->{security}, \$o->{libsafe}, \$o->{security_user}) or return;
+ require security::level;
+ security::level::level_choose($o, \$o->{security}, \$o->{libsafe}, \$o->{security_user}) or return;
}
install_steps::miscellaneous($o);
}
diff --git a/perl-install/security/level.pm b/perl-install/security/level.pm
index 7ea08a52c..e6ac8876c 100644
--- a/perl-install/security/level.pm
+++ b/perl-install/security/level.pm
@@ -44,4 +44,44 @@ sub set {
run_program::rooted($::prefix, "/usr/sbin/msec", $run_level ? $run_level : 3);
}
+sub level_choose {
+ my ($in, $security, $libsafe, $email) = @_;
+
+ my %l = (
+ 0 => N("Welcome To Crackers"),
+ 1 => N("Poor"),
+ 2 => N("Standard"),
+ 3 => N("High"),
+ 4 => N("Higher"),
+ 5 => N("Paranoid"),
+ );
+ my %help = (
+ 0 => N("This level is to be used with care. It makes your system more easy to use,
+but very sensitive: it must not be used for a machine connected to others
+or to the Internet. There is no password access."),
+ 1 => N("Password are now enabled, but use as a networked computer is still not recommended."),
+ 2 => N("This is the standard security recommended for a computer that will be used to connect to the Internet as a client."),
+ 3 => N("There are already some restrictions, and more automatic checks are run every night."),
+ 4 => N("With this security level, the use of this system as a server becomes possible.
+The security is now high enough to use the system as a server which can accept
+connections from many clients. Note: if your machine is only a client on the Internet, you should choose a lower level."),
+ 5 => N("This is similar to the previous level, but the system is entirely closed and security features are at their maximum."),
+ );
+ delete @l{0,1};
+ delete $l{5} if !$::expert;
+
+ $in->ask_from(
+ N("DrakSec Basic Options"),
+ N("Please choose the desired security level") . "\n\n" .
+ join('', map { "$l{$_}: " . formatAlaTeX($help{$_}) . "\n\n" } ikeys %l),
+ [
+ { label => N("Security level"), val => $security, list => [ sort keys %l ], format => sub { $l{$_[0]} } },
+ if_($in->do_pkgs->is_installed('libsafe') && arch() =~ /^i.86/,
+ { label => N("Use libsafe for servers"), val => $libsafe, type => 'bool', text =>
+ N("A library which defends against buffer overflow and format string attacks.") }),
+ { label => N("Security Administrator (login or email)"), val => $email, },
+ ],
+ );
+}
+
1;
diff --git a/perl-install/security/libsafe.pm b/perl-install/security/libsafe.pm
deleted file mode 100644
index 1001ce4db..000000000
--- a/perl-install/security/libsafe.pm
+++ /dev/null
@@ -1,18 +0,0 @@
-package security::libsafe;
-
-use diagnostics;
-use strict;
-
-use common;
-
-sub config_libsafe {
- my ($prefix, $libsafe) = @_;
- my %t = getVarsFromSh("$prefix/etc/sysconfig/system");
- if (@_ > 1) {
- $t{LIBSAFE} = bool2yesno($libsafe);
- setVarsInSh("$prefix/etc/sysconfig/system", \%t);
- }
- text2bool($t{LIBSAFE});
-}
-
-1;